Although you probably take your online security and privacy seriously when you’re at home, there’s a good chance you take a more blasé attitude when you’re at work.

Most people expect to be safe when they’re at their workstation in the office. You simply assume your IT team is sufficiently competent to keep you and your data secure. Sadly, that’s not the case. Even if you’re lucky enough to have the best IT team in the country supporting you, you can still be at risk.

What are the five biggest threats facing your privacy and security in the workplace? Let’s take a look.

1. Outdated Software

You probably don’t have any control over what software is running on your employer’s network. Sadly, it can have grave security implications.

It’s especially true if you have to use software that’s outdated or unsupported by the developer, or if you’re running an operating system that’s showing its age.

Redundant software is rife in companies around the world. Sometimes, there’s a good reason for its ongoing use: perhaps it provides access to legacy data. However, that’s not always the case.

There’s a knock-on effect of using old operating systems: modern apps will not be able to run on it. Thus, you will have to use older versions of software that in turn have their own risks and vulnerabilities.

Want to know why business are using old operating systems? Normally, it boils down to cost. In 2016, the Australian Queensland Health Organization had to spend $25.3 million to migrate from Windows XP to Windows 7. And that’s not considering the opportunity cost of the inevitable downtime.

2. You’re Under Surveillance

Even if you’re fortunate and your company invests heavily in IT infrastructure, you’re still at risk from your IT department “spying” on you.

Ten years ago, this caught me out as graduate fresh out of college in my first corporate job. After a couple of years, I was growing frustrated and looking for a new challenge. I spent a few weeks browsing job boards and applying for new roles, only to be called into my boss’s office and fired for gross misconduct. The IT team had gone as far as to prepare a dossier on my online activities which my manager wafted in front of my face.

Don’t make the same mistakes as me: only use your employer’s internet and email system for company-related activities.

3. Data Protection

Your company has an enormous amount of your personal data on record. Your name, age, address, contact details, next of kin, bank details, health plans, social security number, and countless more information is tucked away in some vague-sounding “employee file.”

Except, this isn’t 1983. Your file is no longer a physical box gathering dust at the back of a cupboard. Instead, it’s all stored electronically on network-connected HR systems.

Image Credit: REDPIXEL.PL via Shutterstock

The risks here are obvious. Unless you actually work in the IT department, you have no way of knowing what checks and balances are in place to keep your data safe. If a hacker breaches your employer’s systems, they could steal it all in the blink of an eye.

It doesn’t matter whether you work for a small SME or a multinational corporation. Smaller businesses are, on average, less likely to spend large amounts of cash on robust security, while big businesses are a lucrative target for cyber-criminals and thus garner more of their attention.

4. User Accounts

Who has access to an administrator user account in your office? Most people have no idea. And even if you know, are you happy trusting them implicitly with access to your data?

Even if you’re confident that the genuine system admins are trustworthy, what happens when someone’s account has been accidentally granted excessive privileges? If you work in a company with thousands of employees, are you sure that every single one of their users’ accounts has been correctly configured with the right access levels?

But what are the trade-offs? You’ll have almost certainly signed away a huge slice of privacy for the benefit. In many cases, you might not even be aware — did you closely read your contract’s small print?

Such policies are heavily geared towards your employer’s interests. You’ll usually have given them a right to access and monitor your device.

Even if you’re not connected to a company’s Wi-Fi, you’re still not safe. Your employer will have permanent access to lots of data and information. When it comes to personal phones or tablets in BYOD schemes, this includes your wireless carrier, phone manufacturer, model number, operating system version, battery level, phone number, storage use, corporate email, and corporate data.

They’ll also be able to see your location. If you’re thinking of faking a sick day to go to Disney World, think again. Or at least, leave your phone at home.

What Should You Do?

As you’ve been reading through my five points, you might be thinking that many of the issues I’ve raised are beyond the control of a typical employee.

Too many people view their office computer as an extension of their home network. They use their employee email addresses for highly sensitive communications, keep scans of their ID and bank statements on the hard drive, have family photos on the desktop, the list goes on.

Similarly, if you have an employee-provided smartphone or tablet, refrain from installing apps which need your personal information such as banking, personal email, or social media. You never know what data your company is logging. If you want to be really extreme, you shouldn’t even make personal phone calls.

Do Security and Privacy in the Office Worry You?

Do the five points I’ve raised in this article set any alarm bells ringing? Are you concerned about your online security while you’re at work?

Or are you on the other side of the coin? Do you trust your employer with all your personal information?

You can let me know your opinions on the debate in the comments section below.

Dan is a British expat living in Mexico. He is currently a Senior Writer for MakeUseOf. At various times, he has been the Social Editor, Creative Editor, and Finance Editor. He is also an Editor for MUO's sister site, Blocks Decoded. Prior to his writing career, he was a Financial Consultant. You can follow him on Twitter and Facebook.